> While I agree with your observation I feel compelled to
> defend his point.
>
> He said mounting /tmp will stop MOST Trojans. While it might
> not stop a trojan planted by a person, it will stop a trojan
> planted by a worm (which is what this thread is about) since
> the author of the worm might not have had the insight to use ld.so.

A good solution, not too hard to implement, is to patch your kernel with grsecurity. Grsecurity provides a very good level of protection against buffer overflow attacks. It randomizes PIDs, it protects chroots, enforces the TCP/IP stack, etc. Grsecurity is actually a cumulative patch from PaX, some OpenBSD TCP/IP stuff ported into Linux, Openwall, and HAP-Linux.

Btw, it is very configurable, and pretty well documented at the configuration level. I use it and am very happy with it. If I trust the archives from this list, I am not the only one in this case :-)

http://www.grsecurity.net